mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-24 15:02:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

tls13: srv: Add discard_early_data_record SSL field

Browse Source 
Add discard_early_data_record in SSL context for
the record layer to know if it has to discard
some potential early data record and how.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Jerry Yu 2023-11-15 16:13:47 +08:00 committed by Ronald Cron
parent 064dd2b870
commit 4caf3ca08c
3 changed files with 61 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
include/mbedtls/ssl.h
View File

@ -353,6 +353,26 @@
#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000 #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000 #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000
/*
* Whether early data record should be discarded or not and how.
*
* The client has indicated early data and the server has rejected them.
* The server has then to skip past early data by either:
* - attempting to deprotect received records using the handshake traffic
* key, discarding records which fail deprotection (up to the configured
* max_early_data_size). Once a record is deprotected successfully,
* it is treated as the start of the client's second flight and the
* server proceeds as with an ordinary 1-RTT handshake.
* - skipping all records with an external content type of
* "application_data" (indicating that they are encrypted), up to the
* configured max_early_data_size. This is the expected behavior if the
* server has sent an HelloRetryRequest message. The server ignores
* application data message before 2nd ClientHello.
*/
#define MBEDTLS_SSL_EARLY_DATA_NO_DISCARD 0
#define MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD 1
#define MBEDTLS_SSL_EARLY_DATA_DISCARD 2
/** /**
* \name SECTION: Module settings * \name SECTION: Module settings
* *
@ -1782,6 +1802,16 @@ struct mbedtls_ssl_context {
* within a single datagram. */ * within a single datagram. */
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C)
/*
* One of:
* MBEDTLS_SSL_EARLY_DATA_NO_DISCARD
* MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD
* MBEDTLS_SSL_EARLY_DATA_DISCARD
*/
uint8_t MBEDTLS_PRIVATE(discard_early_data_record);
#endif
/* /*
* Record layer (outgoing data) * Record layer (outgoing data)
*/ */

7
library/ssl_tls.c
View File

@ -1098,9 +1098,14 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
return MBEDTLS_ERR_SSL_ALLOC_FAILED; return MBEDTLS_ERR_SSL_ALLOC_FAILED;
} }
#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_EARLY_DATA)
#if defined(MBEDTLS_SSL_CLI_C)
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT; ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;
#endif #endif
#if defined(MBEDTLS_SSL_SRV_C)
ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD;
#endif
#endif /* MBEDTLS_SSL_EARLY_DATA */
/* Initialize structures */ /* Initialize structures */
mbedtls_ssl_session_init(ssl->session_negotiate); mbedtls_ssl_session_init(ssl->session_negotiate);

54
library/ssl_tls13_server.c
View File

@ -1780,28 +1780,15 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
} }
#if defined(MBEDTLS_SSL_EARLY_DATA) #if defined(MBEDTLS_SSL_EARLY_DATA)
static int ssl_tls13_is_early_data_accepted(mbedtls_ssl_context *ssl, static int ssl_tls13_check_early_data_requirements(mbedtls_ssl_context *ssl)
int hrr_required)
{ {
mbedtls_ssl_handshake_params *handshake = ssl->handshake; mbedtls_ssl_handshake_params *handshake = ssl->handshake;
if ((handshake->received_extensions &
MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) == 0) {
MBEDTLS_SSL_DEBUG_MSG(
1, ("EarlyData: no early data extension received."));
return 0;
}
if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) { if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) {
MBEDTLS_SSL_DEBUG_MSG( MBEDTLS_SSL_DEBUG_MSG(
1, 1,
("EarlyData: rejected, feature disabled in server configuration.")); ("EarlyData: rejected, feature disabled in server configuration."));
return 0; return -1;
}
if (hrr_required) {
MBEDTLS_SSL_DEBUG_MSG(1, ("EarlyData: rejected, HRR required."));
return 0;
} }
if (!handshake->resume) { if (!handshake->resume) {
@ -1810,7 +1797,7 @@ static int ssl_tls13_is_early_data_accepted(mbedtls_ssl_context *ssl,
resumption. */ resumption. */
MBEDTLS_SSL_DEBUG_MSG( MBEDTLS_SSL_DEBUG_MSG(
1, ("EarlyData: rejected, not a session resumption.")); 1, ("EarlyData: rejected, not a session resumption."));
return 0; return -1;
} }
/* RFC 8446 4.2.10 /* RFC 8446 4.2.10
@ -1833,7 +1820,7 @@ static int ssl_tls13_is_early_data_accepted(mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( MBEDTLS_SSL_DEBUG_MSG(
1, ("EarlyData: rejected, the selected key in " 1, ("EarlyData: rejected, the selected key in "
"`pre_shared_key` is not the first one.")); "`pre_shared_key` is not the first one."));
return 0; return -1;
} }
if (handshake->ciphersuite_info->id != if (handshake->ciphersuite_info->id !=
@ -1841,7 +1828,7 @@ static int ssl_tls13_is_early_data_accepted(mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( MBEDTLS_SSL_DEBUG_MSG(
1, ("EarlyData: rejected, the selected ciphersuite is not the one " 1, ("EarlyData: rejected, the selected ciphersuite is not the one "
"of the selected pre-shared key.")); "of the selected pre-shared key."));
return 0; return -1;
} }
@ -1850,10 +1837,10 @@ static int ssl_tls13_is_early_data_accepted(mbedtls_ssl_context *ssl,
1, 1,
("EarlyData: rejected, early_data not allowed in ticket " ("EarlyData: rejected, early_data not allowed in ticket "
"permission bits.")); "permission bits."));
return 0; return -1;
} }
return 1; return 0;
} }
#endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_EARLY_DATA */
@ -1885,15 +1872,24 @@ static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl,
} }
#if defined(MBEDTLS_SSL_EARLY_DATA) #if defined(MBEDTLS_SSL_EARLY_DATA)
ssl->handshake->early_data_accepted = if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) {
ssl_tls13_is_early_data_accepted(ssl, hrr_required); ssl->handshake->early_data_accepted = 0;
if (!hrr_required) {
if (ssl->handshake->early_data_accepted) { ssl->handshake->early_data_accepted =
ret = mbedtls_ssl_tls13_compute_early_transform(ssl); (ssl_tls13_check_early_data_requirements(ssl) == 0);
if (ret != 0) { }
MBEDTLS_SSL_DEBUG_RET( if (ssl->handshake->early_data_accepted) {
1, "mbedtls_ssl_tls13_compute_early_transform", ret); ret = mbedtls_ssl_tls13_compute_early_transform(ssl);
return ret; if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(
1, "mbedtls_ssl_tls13_compute_early_transform", ret);
return ret;
}
} else {
ssl->discard_early_data_record =
hrr_required ?
MBEDTLS_SSL_EARLY_DATA_DISCARD :
MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD;
} }
} }
#else #else